Avanti Markets, which provides food kiosks often found in company breakrooms, fell victim to a data breach that may have impacted up to 1.6 million people. The Tukwila, Washington-based company said the incident affected employees' payment card information, email addresses and possibly their saved biometric authentication data.

Biometric authentication is a security procedure that uses an individual's physical characteristics to verify identity, such as one's thumbprint.

"On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets," the company revealed in a blog post on Monday. "Based on our investigation...and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks."

The malware collected users' payment card data, including their first and last names, account numbers, card expiration dates and email addresses. Avanti hasn't revealed which biometric information may have been accessed by hackers, but some of the company's kiosks have fingerprint readers. The time frame of the breach and the impacted locations remain unknown.

"Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected," Avanti said.

Following the incident, the micro market provider hired a "nationally-recognized forensic investigation firm" to assist with the breach, alerted the FBI and shut down payment processing at some locations.

Avanti has kiosks in 46 states and serves up to 1.6 million people, according to its site. The company advised potential victims to closely monitor financial statements and to place fraud alerts on credit accounts with Equifax, TransUnion and Experian.

Data breaches are on the rise - and they're costing businesses millions of dollars. Last year, 34 percent of US-based companies were involved in some type of online security incident according to a report from Bitdefender.

Menlo Park-based Cybersecurity Ventures predicts that overall financial losses from online crime will reach more than $6 trillion annually in three years. In 2015, it was just $3 trillion.